The present invention is related to telecommunications, and in particular, to a telecommunications system and method for generating a normal behavior profile of a customer and for determining a deviation from the generated profile to detect fraudulent activity.
It is well known that the telecommunications industry regularly suffers major losses due to fraud. The various types of fraud may be classified into two categories: subscription fraud and superimposed fraud. In subscription fraud, an account is obtained without any intention to pay the bill. In such cases, abnormal usage occurs throughout the active period of the account. The account is usually used for call selling or intensive self-usage, for example. The superimposed fraud is carried out when fraudsters “take over” a legitimate account. The abnormal usage is superimposed upon the normal usage of a legitimate customer. Examples of such cases include cellular cloning, calling card theft, and cellular handset theft, to name a few.
To combat telecommunications fraud, various conventional techniques attempt to discover so-called “probably fraudulent” patterns based on historical data and then to detect the “probably fraudulent” patterns. The fraud detection system collects data representing the prior transactions by the calling party, by the user of credit or debit cards, etc. The collected data is then searched for the “probably fraudulent” patterns in user behavior. For example, if the person's international telephone calls continue for over 2 hours in a 24-hour time period, such activity would most likely constitute a fraudulent pattern.
This conventional approach to fraud detection, however, is limited in several ways and has a number of disadvantages. First, fraud patterns are customer-dependent. Since each customer demonstrates an individual behavior, certain usage patterns may be suspicious for one customer, but are normal for another. Second, in order to construct a comprehensive fraud classification system, examples of all fraud patterns must be taken into account. The large number of possible fraud patterns and the constant emergence of new ones make it impractical to create such a fraud classification system. Further, it is difficult to obtain training data that is properly classified as fraudulent and non-fraudulent.
A need therefore exists to overcome the disadvantages of the above-noted fraud detection approaches, as well as other conventional approaches to fraud detection in the telecommunications industry.